package controllers;

import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

import database.CourseHandler;
import database.DBDefault;
import database.StyleHandler;
import database.Tables;
import database.UserHandler;

import org.w3c.dom.Document;
import org.w3c.dom.Element;

import entities.Course;
import entities.Style;
import entities.User;
import exceptions.MyException;

import auxilary.Actions;
import auxilary.Log;

/************************************************************/
/* 						UserController						*/
/*															*/
/* GET: get requests are for displaying pages				*/
/* 		/Users - all users page								*/
/* 		/Users/profile - user profile page					*/
/* 		/Users/{userId} - view user with username page		*/
/*															*/
/* POST: post requests are for performing actions		 	*/
/*		 LOGIN, REGISTER, LOGOUT, CHANGE_USER_FIELDS		*/
/*															*/
/************************************************************/

public class UserController extends HttpServlet {
	private static final long serialVersionUID = 1L;

	public UserController() {
		super();
	}

	/*
	 * GET - for page display
	 */
	protected void doGet(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		String pathInfo = request.getPathInfo();
		User user = (User) request.getSession().getAttribute("user");
		if (!canSeePage(user, pathInfo)) {
			response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
			request.getRequestDispatcher("/errors/401.jsp").forward(request,
					response);
			return;
		}
		if ((pathInfo == null) || (pathInfo.equals("/"))) {
			// basic url "/Users"
			usersPage(request, response);
			return;
		}
		pathInfo = pathInfo.substring(1);
		if (pathInfo.toLowerCase().equals("profile")) {
			// url "/Users/Profile"
			profilePage(request, response);
		} else if (pathInfo.toLowerCase().equals("wishlist")) {
			// url "/Users/Wishlist"
			listPage(request, response, false);
		} else if (pathInfo.toLowerCase().equals("courses")) {
			// url "/Users/RegisteredCourse"
			listPage(request, response, true);
		} else if (pathInfo.toLowerCase().equals("schedule")) {
			// url "/Users/RegisteredCourse"
			schedulePage(request, response);
		} else if (pathInfo.toLowerCase().equals("xml")) {
			// url "/Users/RegisteredCourse"
			xmlPage(request, response);
		} else {
			// url "/Users/{userId}"
			userInfoPage(request, response, pathInfo);
		}
	}

	/*
	 * POST - for actions
	 */
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		int action = 0;
		action = Integer.parseInt(request.getParameter("action"));
		String msg = "";
		User user = (User) request.getSession().getAttribute("user");
		if (!CanDoAction(request, user, action)) {
			response.setStatus(HttpServletResponse.SC_NOT_FOUND);
			return;
		}
		switch (action) {
			case Actions.User.LOGIN :
				Log.dbg("Login");
				msg = login(request, response);
				break;
			case Actions.User.REGISTER :
				Log.dbg("Register");
				msg = register(request, response);
				break;
			case Actions.User.LOGOUT :
				Log.dbg("Logout");
				logout(request);
				break;
			case Actions.User.CHANGE_FIRST_NAME :
				Log.dbg("Changing first name");
				msg = changeField(request, response,
						Tables.User.Columns.FIRST_NAME);
				break;
			case Actions.User.CHANGE_LAST_NAME :
				Log.dbg("Changing last name");
				msg = changeField(request, response,
						Tables.User.Columns.LAST_NAME);
				break;
			case Actions.User.CHANGE_EMAIL :
				Log.dbg("Changing email");
				msg = changeField(request, response, Tables.User.Columns.EMAIL);
				break;
			case Actions.User.CHANGE_FACULTY :
				Log.dbg("Changing faculty");
				msg = changeField(request, response,
						Tables.User.Columns.FACULTY);
				break;
			case Actions.User.CHANGE_SEMESTER :
				Log.dbg("Changing semester");
				msg = changeField(request, response,
						Tables.User.Columns.SEMESTER);
				break;
			case Actions.User.CHANGE_PASSWORD :
				Log.dbg("Changing password");
				msg = changeField(request, response,
						Tables.User.Columns.PASSWORD);
				break;
			case Actions.User.CHANGE_PHONE :
				Log.dbg("Changing phone number");
				msg = changeField(request, response, Tables.User.Columns.PHONE);
				break;
			case Actions.User.DELETE :
				Log.dbg("Delete user");
				msg = deleteUser(request, response);
				break;
			case Actions.User.DB_DEFAULT :
				Log.dbg("Defaulting DB");
				msg = defaultDB(request, response);
				break;
			case Actions.User.DB_RESTART :
				Log.dbg("Restarting DB");
				msg = restartDB(request, response);
				break;
			case Actions.User.GET_SCHEDULE :
				Log.dbg("Getting schedule xml");
				msg = getSchedule(request, response);
				return;
			case Actions.User.DELETE_STYLE :
				Log.dbg("Delete Style");
				msg = deleteStyle(request, response);
				break;
			default :
				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
		}
		try {
			response.getWriter().write(msg);
		} catch (Exception e) {
			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
		}
		return;
	}

	/* **************************** */
	/* Page callers (called by GET) */
	/* **************************** */

	/*
	 * User page - specific user page (called by id)
	 */
	private void userInfoPage(HttpServletRequest request,
			HttpServletResponse response, String idString)
			throws ServletException, IOException {
		// get id from path
		int id = -1;
		try {
			id = Integer.parseInt(idString);
		} catch (Exception e) {
			response.setStatus(HttpServletResponse.SC_NOT_FOUND);
			request.getRequestDispatcher("/errors/404.jsp").forward(request,
					response);
		}

		// get page info
		UserHandler uh = new UserHandler();
		User user = null;
		try {
			user = uh.fetchUser(id);
		} catch (Exception e) {
			response.setStatus(HttpServletResponse.SC_NOT_FOUND);
			return;
		}
		request.setAttribute("user", user);
		List<Course> courses = getAllUserCourses(user, true);
		request.setAttribute("courses", courses);
		List<Course> wishList = getAllUserCourses(user, false);
		request.setAttribute("wishList", wishList);

		// call users jsp page
		request.getRequestDispatcher("/WEB-INF/user.jsp").forward(request,
				response);
	}

	/*
	 * Profile page - session user page
	 */
	private void profilePage(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/WEB-INF/profile.jsp").forward(request,
				response);
	}

	/*
	 * Users page - all users page
	 */
	private void usersPage(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		// get page data
		List<User> users = getAllUsers();
		request.setAttribute("users", users);

		// call users jsp page
		request.getRequestDispatcher("/WEB-INF/users.jsp").forward(request,
				response);
	}

	private void listPage(HttpServletRequest request,
			HttpServletResponse response, boolean isRegisteredCourses)
			throws ServletException, IOException {
		// listName by isRegisteredCourses
		String listName = (isRegisteredCourses)
				? "Registered Courses"
				: "Wishlist";

		// get page info
		User user = (User) request.getSession().getAttribute("user");
		List<Course> wishList = getAllUserCourses(user, isRegisteredCourses);
		request.setAttribute("list", wishList);
		request.setAttribute("listName", listName);

		// call users jsp page
		request.getRequestDispatcher("/WEB-INF/courselist.jsp").forward(
				request, response);
	}

	private void schedulePage(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		User user = (User) request.getSession().getAttribute("user");
		List<Course> usersCourseList = null;
		CourseHandler ch = new CourseHandler();
		try {
			usersCourseList = ch.fetchAllRegisteredCoursesWithSessions(user);
		} catch (Exception e) {
			usersCourseList = null;
		}
		boolean hasCourses = (usersCourseList != null);

		request.setAttribute("hasCourses", hasCourses);

		Set<String> stylesSet = new LinkedHashSet<String>();
		stylesSet.add("Box.Style");
		stylesSet.add("Table.Style");
		StyleHandler sh = new StyleHandler();
		try {
			List<Style> styles = sh.getAllStyle();
			for (Style style : styles) {
				stylesSet.add(style.getName());
			}
		} catch (Exception e) {
			// no styles exist in db
		}
		
		List<String> styles = new LinkedList<String>(stylesSet);
		request.setAttribute("styles", styles);

		// call users jsp page
		request.getRequestDispatcher("/WEB-INF/schedule.jsp").forward(request,
				response);
	}

	private void xmlPage(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		String xmlString = null;
		try {
			xmlString = createXml(request);
		} catch (Exception e) {
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return;
		}
		if (xmlString == null) {
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return;
		}
		response.setStatus(HttpServletResponse.SC_OK);
		response.setContentType("text/xml");
		try {
			response.getWriter().write(xmlString);
		} catch (Exception e) {
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return;
		}
		return;
	}

	/* *********************************** */
	/* Performing actions (called by POST) */
	/* *********************************** */

	/*
	 * Login - adding user to session
	 */
	private String login(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		// get params from POST
		String username = request.getParameter("username");
		String password = request.getParameter("password");

		if (username == null || username.isEmpty() || password == null
				|| password.isEmpty()) {
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return ("Username Or Password Are Incorrect");
		}

		UserHandler uh = new UserHandler();
		User user = null;
		try {
			// check that user is registered
			user = uh.Authenticate(username, password);
		} catch (MyException e) {
			// other exception occurred - redirect to general error
			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return ("Internal Server Error");
		}
		if (user == null) {
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return ("Username Or Password Are Incorrect");
		}

		request.getSession().setAttribute("user", user);
		// login successful - redirect to main page
		response.setStatus(HttpServletResponse.SC_OK);
		return ("OK");
	}

	/*
	 * Register - register user and login
	 */
	private String register(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		// get params from POST and check that they're legal
		String firstName = request.getParameter("firstName");
		String lastName = request.getParameter("lastName");
		String email = request.getParameter("email");
		String username = request.getParameter("username");
		String password = request.getParameter("password");
		String rePassword = request.getParameter("rePassword");
		String faculty = request.getParameter("faculty");
		String phone = request.getParameter("phone");
		int semester = 0;

		if ((!username.matches("^[A-Za-z0-9]*$")) || (username.length() > 12)) {
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return ("Username is illegal, must be only number and letters");
		}
		if ((!phone.matches("^[0-9]([0-9]|-)*$")) || (phone.length() > 15)) {
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return ("Phone number must be only numbers and dashes");
		}
		try {
			semester = Integer.parseInt(request.getParameter("semester"));
		} catch (Exception e) {
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return ("Semester must be a number");
		}
		String adminCode = request.getParameter("adminCode");
		boolean isAdmin = (adminCode.equals("123"));
		User user = new User(User.NEW_USER, password, username, firstName,
				lastName, email, faculty, semester, phone, isAdmin);
		if (user.getFirstName() == null || user.getFirstName().isEmpty()
				|| user.getUsername() == null || user.getUsername().isEmpty()
				|| user.getPassword() == null || user.getPassword().isEmpty()
				|| user.getLastName() == null || user.getLastName().isEmpty()) {
			Log.err("UserController[Register]: Bad Params");
			response.setStatus(HttpServletResponse.SC_NOT_FOUND);
			return ("bad parameters");
		}
		if (!user.getPassword().equals(rePassword)) {
			Log.err("UserController[Register]: Passwords don't match");
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return ("Passwords don't match");
		}
		UserHandler uh = new UserHandler();
		int id = 0;
		try {
			id = uh.addUser(user);
		} catch (MyException e) {
			Log.err("UserController[Register]: User already exists");
			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return ("Username is not available");
		}
		user.setId(id);
		if (id==0) {
			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return ("Some error has accurd");
		}
		Log.err("registered");
		request.getSession(true).setAttribute("user", user);
		response.setStatus(HttpServletResponse.SC_OK);
		return ("OK");
	}

	/*
	 * logout - logout user from session
	 */
	private void logout(HttpServletRequest request) {
		request.getSession().removeAttribute("user");
	}

	/*
	 * Delete User - delete user and all his data
	 */
	private String deleteUser(HttpServletRequest request,
			HttpServletResponse response) {
		// get params form POST
		// if username is null then delete user in session
		String username = request.getParameter("username");

		UserHandler uh = new UserHandler();
		User user = null;
		if (username != null) {
			try {
				user = uh.fetchUser(username);
			} catch (Exception e) {
				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
				return ("User doesn't exist");
			}
			if (user.isAdmin()) {
				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
				return ("Admins Cannot be deleted by other admins");
			}
		} else {
			user = (User) request.getSession().getAttribute("user");
			request.getSession().removeAttribute("user");
		}
		try {
			uh.deleteUser(user.getId());
		} catch (Exception e) {
			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return ("Can't delete user");
		}
		response.setStatus(HttpServletResponse.SC_OK);
		return ("OK");
	}

	/*
	 * Change Field - change field of user
	 */
	private String changeField(HttpServletRequest request,
			HttpServletResponse response, String field) {
		// get params from POST
		String newValue = request.getParameter("value");

		// get user from session
		User user = (User) request.getSession().getAttribute("user");
		UserHandler uh = new UserHandler();
		try {
			if (field.equals(Tables.User.Columns.PASSWORD)) {
				// password change requested
				String password = request.getParameter("oldPassword");
				if (uh.Authenticate(user.getUsername(), password) == null) {
					response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
					return ("Old password is incorrect");
				}
			}
			if ((field.equals(Tables.User.Columns.PHONE))
					&& (!newValue.matches("^[0-9]([0-9]|-)*$"))) {
				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
				return ("Phone number must be only numbers and dashes");
			}
			user = uh.updateField(user, field, newValue);
			request.getSession(true).setAttribute("user", user);
		} catch (Exception e) {
			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return ("Couldn't update");
		}
		response.setStatus(HttpServletResponse.SC_OK);
		return ("OK");
	}

	private String defaultDB(HttpServletRequest request,
			HttpServletResponse response) {
		DBDefault.resetDBToDefault();
		response.setStatus(HttpServletResponse.SC_OK);
		return ("OK");
	}
	
	private String restartDB(HttpServletRequest request,
			HttpServletResponse response) {
		DBDefault.resetDB();
		response.setStatus(HttpServletResponse.SC_OK);
		return ("OK");
	}

	private String getSchedule(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		String style = request.getParameter("style");

		String xmlString = createXml(request);
		if (xmlString == null) {
			PrintWriter pw = response.getWriter();
			pw.write("<br/><br/><b><center>No registered courses</center></b>");
			response.setStatus(HttpServletResponse.SC_OK);
			return("OK");
		}

		StringReader xmlInput = new StringReader(xmlString);
		InputStream xslInput = null;
		if ((style.equals("Box.Style")) || (style.equals("Table.Style"))) {
			xslInput = getServletContext().getResourceAsStream("/WEB-INF/"+style+".xsl");
		} else {
			StyleHandler sh = new StyleHandler();
			try {
				xslInput = sh.getStyle(style).getFile();
			} catch (Exception e) {
				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
				return ("Style doesn't exist");
			}
		}
			
		Source xmlSource = new StreamSource(xmlInput);
		Source xslSource = new StreamSource(xslInput);

		// XML result will be written to HTTP response.
		Result xmlResult = new StreamResult(response.getOutputStream());
		try {
			Transformer transformer = TransformerFactory.newInstance()
					.newTransformer(xslSource);
			transformer.transform(xmlSource, xmlResult);
		} catch (Exception e) {
			Log.err("xml xslt transform error");
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return ("return couldn't load file");
		}
	    
		response.setStatus(HttpServletResponse.SC_OK);
		return ("OK");
	}
	private String deleteStyle(HttpServletRequest request,
			HttpServletResponse response) {
		String name = request.getParameter("style");
		
		StyleHandler sh = new StyleHandler();
		try {
			sh.removeStyle(name);
		} catch (Exception e) {
			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
			return ("Couldn't delete the style");
		}

		response.setStatus(HttpServletResponse.SC_OK);
		return ("OK");
	}

	/* **************** */
	/* Helper functions */
	/* **************** */

	/*
	 * Get all courses of user
	 */
	private List<Course> getAllUserCourses(User user, boolean registered) {
		CourseHandler ch = new CourseHandler();
		List<Course> courses = null;
		try {
			courses = ch.fetchAllCourses(user, registered);
		} catch (Exception e) {
			Log.err("Courses[getAllCourses]: exception");
		}
		if (courses == null) {
			courses = new ArrayList<Course>();
		}
		return courses;
	}

	/*
	 * Get all users
	 */
	private List<User> getAllUsers() {
		UserHandler uh = new UserHandler();
		List<User> users = null;
		try {
			users = uh.fetchAllUsers();
		} catch (Exception e) {
			Log.err("Users[getAllUsers]: exception");
		}
		if (users == null) {
			users = new ArrayList<User>();
		}
		return users;
	}

	private String createXml(HttpServletRequest request) throws IOException,
			TransformerFactoryConfigurationError {
		DocumentBuilderFactory dbfac = DocumentBuilderFactory.newInstance();
		DocumentBuilder docBuilder = null;
		try {
			docBuilder = dbfac.newDocumentBuilder();
		} catch (ParserConfigurationException e1) {
			return ("");
		}
		Document doc = docBuilder.newDocument();
		Element root = doc.createElement("timetable");
		doc.appendChild(root);
		User user = (User) request.getSession().getAttribute("user");
		List<Course> usersCourseList = null;
		CourseHandler ch = new CourseHandler();
		try {
			usersCourseList = ch.fetchAllRegisteredCoursesWithSessions(user);
		} catch (Exception e) {
		}
		if (usersCourseList == null) {
			return null;
		}

		// Append days of week to the root.
		Element rootChild = doc.createElement("day");
		rootChild.setAttribute("id", "Sunday");
		rootChild.setIdAttribute("id", true);
		root.appendChild(rootChild);

		rootChild = doc.createElement("day");
		rootChild.setAttribute("id", "Monday");
		rootChild.setIdAttribute("id", true);
		root.appendChild(rootChild);

		rootChild = doc.createElement("day");
		rootChild.setAttribute("id", "Tuesday");
		rootChild.setIdAttribute("id", true);
		root.appendChild(rootChild);

		rootChild = doc.createElement("day");
		rootChild.setAttribute("id", "Wednesday");
		rootChild.setIdAttribute("id", true);
		root.appendChild(rootChild);

		rootChild = doc.createElement("day");
		rootChild.setAttribute("id", "Thursday");
		rootChild.setIdAttribute("id", true);
		root.appendChild(rootChild);

		rootChild = doc.createElement("day");
		rootChild.setAttribute("id", "Friday");
		rootChild.setIdAttribute("id", true);
		root.appendChild(rootChild);

		rootChild = doc.createElement("day");
		rootChild.setAttribute("id", "Saturday");
		rootChild.setIdAttribute("id", true);
		root.appendChild(rootChild);

		for (Course course : usersCourseList) {
			List<entities.Session> sessionList = course.getSessions();
			if (sessionList != null) {
				for (entities.Session session : sessionList) {
					Element father = doc.getElementById(session.getDay()
							.toString());
					Element child = null;
					child = doc.createElement("course");
					child.setAttribute("start", session.getStartTime()
							.substring(0, session.getStartTime().indexOf(':')));
					child.setAttribute(
							"end",
							session.getEndTime().substring(0,
									session.getEndTime().indexOf(':')));
					child.setAttribute("title",
							course.getName().replace(' ', ' '));
					father.appendChild(child);
				}
			}
		}

		TransformerFactory transfac = TransformerFactory.newInstance();
		Transformer trans = null;
		try {
			trans = transfac.newTransformer();
		} catch (TransformerConfigurationException e) {
			Log.err("couldn't tansform with xsl");
			return null;
		}

		trans.setOutputProperty(OutputKeys.INDENT, "yes");
		String path = request.getRequestURL().substring(0,
				request.getRequestURL().lastIndexOf("/"))
				+ "/courses.DTD";
		trans.setOutputProperty(OutputKeys.DOCTYPE_SYSTEM, path);
		// create string from the XML tree
		StringWriter sw = new StringWriter();
		StreamResult result = new StreamResult(sw);
		DOMSource source = new DOMSource(doc);
		try {
			trans.transform(source, result);
		} catch (TransformerException e) {
			e.printStackTrace();
		}
		return sw.toString();
	}

	/*
	 * action filter
	 */
	private boolean CanDoAction(HttpServletRequest request, User user,
			int action) {
		if (user == null) {
			// unregistered user
			switch (action) {
				case Actions.User.DB_DEFAULT :
				case Actions.User.DB_RESTART :
				case Actions.User.LOGIN :
				case Actions.User.REGISTER :
					return true;
				default :
					return false;
			}
		} else if (!user.isAdmin()) {
			// registered user NOT ADMIN
			switch (action) {
				case Actions.User.DELETE :
					String username = request.getParameter("username");
					if (username == null) {
						return true;
					}
				case Actions.User.DB_DEFAULT :
				case Actions.User.DB_RESTART :
				case Actions.User.LOGIN :
				case Actions.User.REGISTER :
					return false;
				default :
					return true;
			}
		} else if (user.isAdmin()) {
			// admin
			switch (action) {
				case Actions.User.DB_DEFAULT :
				case Actions.User.DB_RESTART :
				case Actions.User.LOGIN :
				case Actions.User.REGISTER :
					return false;
				default :
					return true;
			}
		}
		return false;
	}

	/*
	 * page filter
	 */
	private boolean canSeePage(User user, String pathInfo) {
		if (user == null) {
			// unregistered user
			return false;
		} else if (!user.isAdmin()) {
			if ((pathInfo == null) || (pathInfo.equals("/"))
					|| (pathInfo.toLowerCase().equals("/profile"))
					|| (pathInfo.toLowerCase().equals("/wishlist"))
					|| (pathInfo.toLowerCase().equals("/courses"))
					|| (pathInfo.toLowerCase().equals("/schedule"))
					|| (pathInfo.toLowerCase().equals("/xml"))) {
				return true;
			} else {
				// trying to view personal information of another user
				return false;
			}
		} else {
			// admin
			return true;
		}
	}
}
